A high-severity vulnerability has been discovered in a number of Cisco routers (opens in new tab) which allows threat actors to bypass authentication, gain root access to the endpoint, and even launch arbitrary commands on the underlying operating system in the second stage of the attack.

The news comes courtesy of Cisco itself, which said it wouldn’t be addressing the flaw given that it was discovered in endpoints that have reached the end of life. The flaw, tracked as CVE-2023-20025, affects Cisco Small business RV016, RV042, RV042G, and RV082 routers. By sending a custom-built HTTP request to the web-based management interface of the vulnerable routers, the attackers could bypass the device’s authentication and remotely exploit it.

Source link

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *